Friday, April 22, 2016

When I first realized that FISA Court Presiding Judge Thomas Hogan picked her to serve as amicus for the review of the yearly 702 certifications last year, I complained that she, not Marc Zwillinger, got selected (the pick was made in August, but Jeffress would later be picked as one of the standing amicus curiae, along with Zwillinger). After all, Zwillinger has already argued that PRISM (then authorized by Protect America Act) was unconstitutional when he represented Yahoo in its challenge of the program. He’s got experience making this precise argument. Plus, Jeffress not only is a long-time national security prosecutor and former top Eric Holder aide, but she has been involved in some actions designed to protect the Executive. I still think Zwillinger might have done a better job. But Jeffress nevertheless made what appears to be a vigorous, though unsuccessful, argument that FBI’s back door searches of US person data are unconstitutional.

A former top DOJ lawyer believes FBI’s back door queries are unconstitutional

But it says a lot that Jeffress — someone who narrowly missed being picked as Assistant Attorney General for National Security and who presumably got at least some visibility on back door searches when working with Holder — argued that FBI’s warrantless back door searches of communications collected under Section 702 is unconstitutional.

Sadly, Hogan didn’t care. Worse, his argument for not caring doesn’t make sense. As I’ll note, not only did Hogan pick a less than optimal person to make this argument, but he may have narrowly scoped her input, which may have prevented her from raising evidence in Hogan’s own opinion that his legal conclusion was problematic.

To be clear, Jeffress was no flaming hippie. She found no problem with the NSA and CIA practice of back door searches, concluding, “that the NSA and CIA minimization procedures are sufficient to ensure that the use of U.S. person identifiers for th[e] purpose of [querying Section 702-acquired information] complies with the statutory requirements of Section 702 and with the Fourth Amendment.” But she did find the FBI practice problematic.

Jeffress’ amicus brief included at least 10 pages of discussion of her concerns with the practice, though ODNI did not release her brief and Hogan cited very limited bits of it. She argued, “the FISA process cannot be used as a device to investigate wholly unrelated ordinary crimes” and said because the queries could do so they “go far beyond the purpose for which the Section 702-acquired information is collected in permitting queries that are unrelated to national security.”

To dismiss Jeffress’ arguments, Hogan does several things. He,

Notes the statute requires foreign intelligence just be “a significant purpose” of the collection, and points back to the 2002 In Re Sealed Case FISCR decision interpreting the “significant purpose” language added in the PATRIOT Act to permit the use of traditional FISA information for prosecutions

Cites the FISA minimization procedure language that “allow[s] for the retention and dissemination of information that is evidence of a crime which has been, is being, or is about to be committed”

Dismisses a former top DOJ official’s concerns about the use of FISA data for non-national security crimes as “hypothetical”

Doesn’t address — at all — language in the FBI minimization procedures that permits querying of data for assessments and other unspecific uses

Invests a lot of faith in FBI’s access and training requirements that later parts of his opinion undermine

There are several problems with his argument.

In Re Sealed Case ties “significant purpose” to the target of an interception

First, Hogan extends the scope of what the FISA Court of Review interpreted the term “significant purpose,” which got added to traditional FISA in the PATRIOT Act and then adopted in FISA Amendments Act.

Hogan cites the FISCR decision in In Re Sealed Case to suggest it authorized the use of information against non-targets of surveillance. He does so by putting the court’s ultimate decision after caveats it uses to modify that. “The Court of Review concluded that it would be an “anomalous reading” of the “significant purpose” language of 50 U.S.C. § 1804(a)(6)(B) to allow the use of electronic surveillance in such a case. See id. at 736. The Court nevertheless stressed, however, that “[s]o long as the government entertains a realistic option of dealing with the agent other than through criminal prosecution that it satisfies the significant purpose test.”

But that’s not what FISCR found. Here’s how that reads in the original, with Hogan’s citations emphasized.

On the one hand, Congress did not amend the definition of foreign intelligence information which, we have explained, includes evidence of foreign intelligence crimes. On the other hand, Congress accepted the dichotomy between foreign intelligence and law enforcement by adopting the significant purpose test. Nevertheless, it is our task to do our best to read the statute to honor congressional intent. The better reading, it seems to us, excludes from the purpose of gaining foreign intelligence information a sole objective of criminal prosecution. We therefore reject the government’s argument to the contrary. Yet this may not make much practical difference. Because, as the government points out, when it commences an electronic surveillance of a foreign agent, typically it will not have decided whether to prosecute the agent (whatever may be the subjective intent of the investigators or lawyers who initiate an investigation). So long as the government entertains a realistic option of dealing with the agent other than through criminal prosecution, it satisfies the significant purpose test.

The important point is–and here we agree with the government–the Patriot Act amendment, by using the word “significant,” eliminated any justification for the FISA court to balance the relative weight the government places on criminal prosecution as compared to other counterintelligence responses. If the certification of the application’s purpose articulates a broader objective than criminal prosecution–such as stopping an ongoing conspiracy–and includes other potential non-prosecutorial responses, the government meets the statutory test. Of course, if the court concluded that the government’s sole objective was merely to gain evidence of past criminal conduct–even foreign intelligence crimes–to punish the agent rather than halt ongoing espionage or terrorist activity, the application should be denied.

The government claims that even prosecutions of non-foreign intelligence crimes are consistent with a purpose of gaining foreign intelligence information so long as the government’s objective is to stop espionage or terrorism by putting an agent of a foreign power in prison. That interpretation transgresses the original FISA. It will be recalled that Congress intended section 1804(a)(7)(B) to prevent the government from targeting a foreign agent when its “true purpose” was to gain non-foreign intelligence information–such as evidence of ordinary crimes or scandals. See supra at p.14. (If the government inadvertently came upon evidence of ordinary crimes, FISA provided for the transmission of that evidence to the proper authority. 50 U.S.C. § 1801(h)(3).) It can be argued, however, that by providing that an application is to be granted if the government has only a “significant purpose” of gaining foreign intelligence information, the Patriot Act allows the government to have a primary objective of prosecuting an agent for a non-foreign intelligence crime. Yet we think that would be an anomalous reading of the amendment. For we see not the slightest indication that Congress meant to give that power to the Executive Branch. Accordingly, the manifestation of such a purpose, it seems to us, would continue to disqualify an application. That is not to deny that ordinary crimes might be inextricably intertwined with foreign intelligence crimes. For example, if a group of international terrorists were to engage in bank robberies in order to finance the manufacture of a bomb, evidence of the bank robbery should be treated just as evidence of the terrorist act itself. But the FISA process cannot be used as a device to investigate wholly unrelated ordinary crimes.

Hogan ignores three key parts of this passage. First, FISCR’s decision only envisions the use of evidence against the target of the surveillance, not against his interlocutors, to in some way neutralize him. Any US person information collected and retained under 702 is, by definition, not the targeted person (whereas he or she might be in a traditional FISA order). Furthermore, FBI’s queries of information collected under 702 will find and use information that has nothing to do with putting foreign agents in prison — that is, to “investigate wholly unrelated ordinary crimes,” which FISCR prohibited. Finally, by searching data that may be years old for evidence of a crime, FBI is, in effect, “gaining evidence of past criminal conduct” — itself prohibited by FISCR — of someone who isn’t even the target of the surveillance.

Hogan only treats querying for criminal purposes

Having, in my opinion, expanded on what FISCR authorized back in 2002, Hogan then ignores several parts of what FBI querying permits.

Here’s (some of) the language FBI added to its minimization procedures, at the suggestion of PCLOB, to finally, after 8 years, fully disclose what it was doing to the FISC.

It is a routine and encouraged practice for FBI to query databases containing lawfully acquired information, including FISA-acquired information, in furtherance of the FBI’s authorized intelligence and law enforcement activities, such as assessments, investigations and intelligence collection. Section III.D governs the conduct of such queries. Examples of such queries include, but are not limited to, queries reasonably designed to identify foreign intelligence information or evidence of a crime related to an ongoing authorized investigation or reasonably designed queries conducted by FBI personnel in making an initial decision to open an assessment concerning a threat to national security, the prevention or protection against a Federal crime, or the collection of foreign intelligence, as authorized by the Attorney General Guidelines. These examples are illustrative and neither expand nor restrict the scope of the queries authorized in the language above.

This language makes clear FBI may do back door searches for:

To identify foreign intelligence information

To identify evidence of a crime related to an ongoing investigation

To decide whether to open an assessment concerning a threat to national security, the prevention or protection against a Federal crime, or the collection of foreign intelligence

Other things, because FBI’s use of such queries “are not limited to” these uses

Given Hogan’s stingy citations from Jeffress’ brief, it’s unclear how much of these things she addressed (or whether she was permitted to introduce knowledge gained from having worked closely with Eric Holder when these back door searches were being formalized).

But he only treats her objection that FISC cannot be used “to investigate wholly unrelated ordinary crimes.”

And his treatment of that is pretty unconvincing. Indeed, at times Hogan’s rationalizations read like he’s trying to convince himself. He cites, without quoting, these two statements from the PCLOB 702 report (the first is from the report itself; the second is from Rachel Brand and Elisabeth Collins Cook’s separate statement).

Anecdotally, the FBI has advised the Board that it is extremely unlikely that an agent or analyst who is conducting an assessment of a non-national security crime would get a responsive result from the query against the Section 702–acquired data.

[snip]

We are unaware of any instance in which a database query in an investigation of a non–foreign intelligence crime resulted in a “hit” on 702 information, much less a situation in which such information was used to further such an investigation or prosecution.

Because FBI didn’t track these queries before this ruling, it actually doesn’t know whether any query has resulted in such a hit, and neither statement claims to be proof it never happened. From that absence of evidence, however, Hogan calls the risk “remote, if not entirely theoretical,” then treats it as a “hypothetical problem.”

Worse, Hogan presumably has reason to know the possibility is not remote at all. After all, Hogan himself authorized an expansion of FBI’s minimization procedures in 2014 permitting FBI to share 702 information with the National Center on Missing and Exploited Children, which is a pretty clear indication that FBI planned to use 702 data to investigate kiddie porn. Kiddie porn is a serious crime. But it is not, usually, a national security one (except insofar as the government now treats some Transnational Crime Organizations like it does terrorist groups. Nowhere in his discussion does Hogan explain why 702 information should be used to investigate kiddie porn, or what FBI’s clear intent to do so means for the Fourth Amendment analysis.

Hogan’s okay with what he calls a theoretical possibility, though, based on this equally theoretical example — offered by the government at the hearing — that FBI will stumble on a foreign terrorist tie when investigating some kind of common criminal plot.

A query designed to find and extract data regarding a [redacted] plot, for example, might reveal a previously unknown connection to persons believed to be funding terrorist operations on behalf of [redacted]

But what this suggestion means is that alleged terrorists with ties to a foreign organization may be investigated with information collected with less than a warrant standard. By contrast, if the FBI were to investigate, say, Robert Dear (the Colorado Springs Planned Parenthood killer, who long hailed the actions of other anti-choice terrorists and sometimes communicated with them) or the Malheur Refugee occupiers, with their ties to groups that have threatened the government, FBI would be less likely to find data showing such ties, because to actually have collected it in the past, FBI would have needed to reach a probable cause standard not required for FISA, much less 702. Yet there’s no reason to believe Islamic extremists here in the US are a bigger threat than other kinds of terrorists. Moreover, to treat white Christian terrorists with a probable cause standard while treating Muslim terrorists with a NSA targeting standard exposes is patently unequal treatment before the law.

As noted, there are two other things clearly permitted in FBI’s new minimization procedures language on which Hogan is completely silent: to decide whether to open an assessment, or “other things” not laid out in the minimization procedures.

One of the known uses of such queries is tied quite closely to the question of whether 702 data should be used to investigate common crimes, and it’s one Hogan tacitly invokes when he invokes In Re Sealed case. As I have noted in the past, during the FISCR hearing in that case, then Solicitor General Ted Olson argued that if the government obtained evidence of rape using a FISA wiretap, they might then use such information to coerce the rapist in question to become an informant.

OLSON: And it seems to me, if anything, it illustrates the position that we’re taking about here. That, Judge Silberman, makes it clear that to the extent a FISA-approved surveillance uncovers information that’s totally unrelated — let’s say, that a person who is under surveillance has also engaged in some illegal conduct, cheating —

JUDGE LEAVY: Income tax.

SOLICITOR GENERAL OLSON: Income tax. What we keep going back to is practically all of this information might in some ways relate to the planning of a terrorist act or facilitation of it.

SOLICITOR GENERAL OLSON: It’s unlikely, but you could go to that individual and say we’ve got this information and we’re prosecuting and you might be able to help us. I don’t want to foreclose that.

JUDGE SILBERMAN: It’s a stretch.

SOLICITOR GENERAL OLSON: It is a stretch but it’s not impossible either. [my emphasis]

The FBI admits it uses assessments to find informants. Doing so might easily qualify under “the decision to open an assessment.” And, especially if the FBI were using something embarrassing but not illegal (say, evidence that an Imam were engaged in an extramarital affair) to coerce a person to spy, that would have enormous implications under the Fourth Amendment.

Similarly, FBI admits it uses assessments to engage in domestic profiling — such as to map out the Somali community in Saint Paul. I could see the FBI using communications between people writing from IP addresses in certain cities to targets of interest in Somalia to decide that such profiling — of entire communities! — was worthwhile. But Hogan doesn’t deal with FBI’s use of 702 queries for assessments at all. It’s a clear part of their minimization procedures, and he doesn’t include it, at all, in his Fourth Amendment analysis.

Which, of course, leaves that “such queries include, but are not limited to,” language in FBI’s minimization procedures (which reveals the practice is even more invasive than described in the PCLOB report). What is FBI doing with this data? And why, once again, is Hogan approving minimization procedures that don’t lay out how this domestic surveillance is being used?

After relying on protections in FBI’s minimization procedures to deem FBI’s queries constitutional, Hogan then lays out two ways FBI’s minimization procedures aren’t being followed

As noted, there’s one more thing Hogan relies on to find FBI’s querying process constitutional. He cites the restrictions in the FBI’s minimization procedures to suggest the protections are adequate. “With respect to the intrusiveness of the querying process, the FBI Minimization Procedures impose substantial restrictions on the use and dissemination of information derived from queries.”

In an few cases, Hogan cites what Jeffress found problematic — that even people without training in 702 data can access it on a one-time basis — as proof of its control. “In ‘very rare’ circumstances,” he cites the hearing, “FBI personnel who are not trained for and do not have access to Section 702-acquired information may view the results of a query solely to aid in the determination of whether the information constitutes foreign intelligence information or evidence of a crime.”

Yet the second half of Hogan’s opinion — dealing with 702 as implemented, including the numerous violations reported in the year leading up to these certifications — even further undermines Hogan claim that minimization procedures make the queries acceptable. Two of the violations Hogan describes pertain to FBI minimization procedures not being enforced. For example, in his description of the multiple cases — documented in 6 difference compliance reports over the previous year and what appear to be at least three more in 2014 — where FBI did not meet its own (wholly inadequate, given that protection is focused primarily on indicted defendants) minimization procedures designed to protect attorney-client communications, Hogan judged, “FBI case agents are generally aware of the requirement for a review team when a Section 702 target is charged with a federal crime, but they are confused about the specific requirements of the FBI Minimization Procedures.” He does so while describing a situation that, by asking agents whether a target might be indicted in the future, might encourage agents to delay indictment so as to delay the time when attorney-client communications would become subject to the taint team.

More troubling is an almost entirely redacted violation pertaining to failure of access controls to raw 702 data. Hogan introduces a two page, entirely redacted discussion about this problem by noting that FBI’s minimization procedures grant access to raw 702 data “‘permitting access … only by individuals who require access in order to perform their job duties'” and also “requires users with access to raw FISA-acquired information to receive training on the minimization procedures.” That introduction only makes sense if the redacted two pages explain that FBI is not meeting those procedures. And it comes a year after Hogan appears to have learned of similar problems with access controls on ad hoc FBI databases created from 702 data. Less than ten pages after having found FBI’s querying process constitutional because of access limits and training required to use this data, then, Hogan lays out how FBI access controls don’t work and agents remain “confused” even after being trained on the minimization procedures.

Plus, throughout the discussion of compliance problems (including more pertaining to NSA), there’s no mention of Jeffress’ involvement (although the attorney-client review team problems were discussed at a hearing that she also attended). It’s unclear whether Hogan permitted Jeffress to learn of these violations (he determines what she needs to do her job, after all), and if she didn’t have access to it, it would have prevented her from showing why the FBI’s minimization procedures aren’t adequate to protect Fourth Amendment rights.

Hogan’s easily gamed reporting requirement

Hogan doesn’t leave FBI’s querying process entirely untouched. He imposed a requirement that FBI “submit in writing a report concerning each instance … in which FBI personnel receive and review Section 702-acquired information that the FBI identifies as concerning a United States person in response to a query that is not designed to find and extract foreign intelligence information.” Such reporting, if required indefinitely, is worthwhile — and should have been required by Congress under USA Freedom Act.

But FBI can and presumably will game this information in two ways. First, FBI’s querying system can be set such that, even if someone has access to 702 data, they can run a query that will flag a hit in 702 data but won’t actually show the data underlying that positive return. This provides one way for 702-cleared people to learn that such information is in such a collection and — if they want the data without having to report it — may be able to obtain it another way. It is distinctly possible that once NSA shares EO 12333 data directly with FBI, for example, the same data will be redundantly available from that in such a way that would not need to be reported to FISC. (NSA used this arbitrage method after the 2009 problems with PATRIOT-authorized database collections.)

FOREIGN INTELLIGENCE: information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations or foreign persons, or international terrorists.

It would be relatively easy for FBI to decide that any conversation with a foreign person constituted foreign intelligence, and in so doing count even queries on US persons to identify criminal evidence as foreign intelligence information and therefore exempt from the reporting guidance. Certainly, the kinds of queries that might lead the FBI to profile St. Paul’s Somali community could be considered a measure of Somali activities in that community. Similarly, FBI might claim the search for informants who know those in a mosque with close ties overseas could be treated as the pursuit of information on foreign activities in US mosques.

Hogan imposed a worthwhile new reporting requirement. But that’s still a very far cry from conducing a fair assessment of whether FBI’s back door searches are constitutional.

No comments:

Post a Comment

To reduce spam, this alternate site requires users register to comment or use OpenID. Comments on posts more than (5) days old subject to moderation. Comments posted at this site will not appear at the original/primary site.